Coverity-updates archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

New Defects reported by Coverity Scan for NetBSD-i386-user



Hi,


Please find the latest report on new defect(s) introduced to NetBSD-i386-user 
found with Coverity Scan.

Defect(s) Reported-by: Coverity Scan
Showing 13 of 13 defect(s)


** CID 275226:  Resource leak  (RESOURCE_LEAK)
/external/bsd/openldap/dist/clients/tools/common.c: 1586 in tool_bind()

** CID 982365:  Logically dead code  (DEADCODE)
/external/bsd/openldap/dist/libraries/libldap/options.c: 136 in 
ldap_get_option()
/external/bsd/openldap/dist/libraries/libldap/options.c: 344 in 
ldap_get_option()

** CID 982886:  Printf arg count mismatch  (PW.TOO_MANY_PRINTF_ARGS)
/external/bsd/openldap/dist/libraries/libldap/open.c: 538 in ()

** CID 1220175:  Buffer not null terminated  (BUFFER_SIZE_WARNING)
/libexec/rpc.rstatd/rstat_proc.c: 257 in updatestat()

** CID 1220176:  Unchecked return value  (CHECKED_RETURN)
/external/bsd/openldap/dist/clients/tools/ldapsearch.c: 1533 in dosearch()

** CID 1220177:  Printf arg count mismatch  (PW.TOO_MANY_PRINTF_ARGS)
/external/bsd/openldap/dist/libraries/libldap/os-ip.c: 446 in ()

** CID 1220178:  Printf arg count mismatch  (PW.TOO_MANY_PRINTF_ARGS)
/external/bsd/openldap/dist/libraries/libldap/os-ip.c: 444 in ()

** CID 1220179:  Printf arg count mismatch  (PW.TOO_MANY_PRINTF_ARGS)
/external/bsd/openldap/dist/libraries/libldap/os-ip.c: 453 in ()

** CID 1220180:  Resource leak  (RESOURCE_LEAK)
/external/bsd/openldap/dist/clients/tools/ldapsearch.c: 1538 in dosearch()

** CID 1220181:  Untrusted pointer read  (TAINTED_SCALAR)
/external/bsd/openldap/dist/libraries/libldap/ldif.c: 878 in ldif_read_record()
/external/bsd/openldap/dist/libraries/libldap/ldif.c: 898 in ldif_read_record()

** CID 1220182:  Uninitialized scalar variable  (UNINIT)
/external/bsd/openldap/dist/clients/tools/common.c: 1572 in tool_bind()

** CID 1220183:  Uninitialized pointer read  (UNINIT)
/external/bsd/openldap/dist/clients/tools/common.c: 1538 in tool_bind()

** CID 1220184:  Unused pointer value  (UNUSED_VALUE)
/external/bsd/openldap/dist/clients/tools/common.c: 1945 in print_prepostread()


________________________________________________________________________________________________________
*** CID 275226:  Resource leak  (RESOURCE_LEAK)
/external/bsd/openldap/dist/clients/tools/common.c: 1586 in tool_bind()
1580                            if( matched ) ber_memfree( matched );
1581                            if( info ) ber_memfree( info );
1582                            if( refs ) ber_memvfree( (void **)refs );
1583     
1584                            if ( err != LDAP_SUCCESS ) tool_exit( ld, err );
1585                    }
>>>     CID 275226:  Resource leak  (RESOURCE_LEAK)
>>>     Variable "info" going out of scope leaks the storage it points to.
1586            }
1587     }
1588     
1589     void
1590     tool_unbind( LDAP *ld )
1591     {

________________________________________________________________________________________________________
*** CID 982365:  Logically dead code  (DEADCODE)
/external/bsd/openldap/dist/libraries/libldap/options.c: 136 in 
ldap_get_option()
130             switch(option) {
131             case LDAP_OPT_API_INFO: {
132                             struct ldapapiinfo *info = (struct ldapapiinfo 
*) outvalue;
133     
134                             if(info == NULL) {
135                                     /* outvalue must point to an apiinfo 
structure */
>>>     CID 982365:  Logically dead code  (DEADCODE)
>>>     Execution cannot reach this statement "break;".
136                                     break;  /* LDAP_OPT_ERROR */
137                             }
138     
139                             if(info->ldapai_info_version != 
LDAP_API_INFO_VERSION) {
140                                     /* api info version mismatch */
141                                     info->ldapai_info_version = 
LDAP_API_INFO_VERSION;
/external/bsd/openldap/dist/libraries/libldap/options.c: 344 in 
ldap_get_option()
338     
339             case LDAP_OPT_API_FEATURE_INFO: {
340                             LDAPAPIFeatureInfo *info = (LDAPAPIFeatureInfo 
*) outvalue;
341                             int i;
342     
343                             if(info == NULL)
>>>     CID 982365:  Logically dead code  (DEADCODE)
>>>     Execution cannot reach this statement "break;".
344                                     break;  /* LDAP_OPT_ERROR */
345     
346                             if(info->ldapaif_info_version != 
LDAP_FEATURE_INFO_VERSION) {
347                                     /* api info version mismatch */
348                                     info->ldapaif_info_version = 
LDAP_FEATURE_INFO_VERSION;
349                                     break;  /* LDAP_OPT_ERROR */

________________________________________________________________________________________________________
*** CID 982886:  Printf arg count mismatch  (PW.TOO_MANY_PRINTF_ARGS)
/external/bsd/openldap/dist/libraries/libldap/open.c: 538 in ()
532             LDAP                    *ld;
533     
534             if ( old == NULL ) {
535                     return( NULL );
536             }
537     
>>>     CID 982886:  Printf arg count mismatch  (PW.TOO_MANY_PRINTF_ARGS)
>>>     the format string ends before this argument
538             Debug( LDAP_DEBUG_TRACE, "ldap_dup\n", 0, 0, 0 );
539     
540             if ( (ld = (LDAP *) LDAP_CALLOC( 1, sizeof(LDAP) )) == NULL ) {
541                     return( NULL );
542             }
543        

________________________________________________________________________________________________________
*** CID 1220175:  Buffer not null terminated  (BUFFER_SIZE_WARNING)
/libexec/rpc.rstatd/rstat_proc.c: 257 in updatestat()
251             if (ifps == NULL) {
252                     syslog(LOG_ERR, "can't read interface list from 
kernel");
253                     exit(1);
254             }
255             s = socket(AF_INET, SOCK_DGRAM, 0);
256             for (i = 0; s != -1 && ifps[i].if_name != NULL; ++i) {
>>>     CID 1220175:  Buffer not null terminated  (BUFFER_SIZE_WARNING)
>>>     Calling strncpy with a maximum size argument of 16 bytes on destination 
>>> array "ifdr.ifdr_name" of size 16 bytes might leave the destination string 
>>> unterminated.
257                     strncpy(ifdr.ifdr_name, ifps[i].if_name, 
sizeof(ifdr.ifdr_name));
258                     if (ioctl(s, SIOCGIFDATA, &ifdr) != 0)
259                             continue;
260                     stats_all.s3.if_ipackets += ifdr.ifdr_data.ifi_ipackets;
261                     stats_all.s3.if_opackets += ifdr.ifdr_data.ifi_opackets;
262                     stats_all.s3.if_ierrors += ifdr.ifdr_data.ifi_ierrors;

________________________________________________________________________________________________________
*** CID 1220176:  Unchecked return value  (CHECKED_RETURN)
/external/bsd/openldap/dist/clients/tools/ldapsearch.c: 1533 in dosearch()
1527     
1528                            if ( ldapsync && sync_slimit != -1 &&
1529                                            nresponses_psearch >= 
sync_slimit ) {
1530                                    BerElement *msgidber = NULL;
1531                                    struct berval *msgidvalp = NULL;
1532                                    msgidber = ber_alloc_t(LBER_USE_DER);
>>>     CID 1220176:  Unchecked return value  (CHECKED_RETURN)
>>>     No check of the return value of "ber_printf(msgidber, "{i}", msgid)".
1533                                    ber_printf(msgidber, "{i}", msgid);
1534                                    ber_flatten(msgidber, &msgidvalp);
1535                                    ldap_extended_operation(ld, 
LDAP_EXOP_CANCEL,
1536                                            msgidvalp, NULL, NULL, 
&cancel_msgid);
1537                                    nresponses_psearch = -1;
1538                            }

________________________________________________________________________________________________________
*** CID 1220177:  Printf arg count mismatch  (PW.TOO_MANY_PRINTF_ARGS)
/external/bsd/openldap/dist/libraries/libldap/os-ip.c: 446 in ()
440             if ( opt_tv && ldap_pvt_ndelay_on(ld, s) == -1 )
441                     return ( -1 );
442     
443             do{
444                     osip_debug(ld, "attempting to connect: \n", 0, 0, 0);
445                     if ( connect(s, sin, addrlen) != AC_SOCKET_ERROR ) {
>>>     CID 1220177:  Printf arg count mismatch  (PW.TOO_MANY_PRINTF_ARGS)
>>>     the format string ends before this argument
446                             osip_debug(ld, "connect success\n", 0, 0, 0);
447     
448                             if ( opt_tv && ldap_pvt_ndelay_off(ld, s) == -1 
)
449                                     return ( -1 );
450                             return ( 0 );
451                     }

________________________________________________________________________________________________________
*** CID 1220178:  Printf arg count mismatch  (PW.TOO_MANY_PRINTF_ARGS)
/external/bsd/openldap/dist/libraries/libldap/os-ip.c: 444 in ()
438                             s, opt_tv ? (intmax_t)tv.tv_sec : -1, async);
439     
440             if ( opt_tv && ldap_pvt_ndelay_on(ld, s) == -1 )
441                     return ( -1 );
442     
443             do{
>>>     CID 1220178:  Printf arg count mismatch  (PW.TOO_MANY_PRINTF_ARGS)
>>>     the format string ends before this argument
444                     osip_debug(ld, "attempting to connect: \n", 0, 0, 0);
445                     if ( connect(s, sin, addrlen) != AC_SOCKET_ERROR ) {
446                             osip_debug(ld, "connect success\n", 0, 0, 0);
447     
448                             if ( opt_tv && ldap_pvt_ndelay_off(ld, s) == -1 
)
449                                     return ( -1 );

________________________________________________________________________________________________________
*** CID 1220179:  Printf arg count mismatch  (PW.TOO_MANY_PRINTF_ARGS)
/external/bsd/openldap/dist/libraries/libldap/os-ip.c: 453 in ()
447     
448                             if ( opt_tv && ldap_pvt_ndelay_off(ld, s) == -1 
)
449                                     return ( -1 );
450                             return ( 0 );
451                     }
452                     err = sock_errno();
>>>     CID 1220179:  Printf arg count mismatch  (PW.TOO_MANY_PRINTF_ARGS)
>>>     the format string ends before this argument
453                     osip_debug(ld, "connect errno: %d\n", err, 0, 0);
454     
455             } while(err == EINTR &&
456                     LDAP_BOOL_GET( &ld->ld_options, LDAP_BOOL_RESTART ));
457     
458             if ( err != EINPROGRESS && err != EWOULDBLOCK ) {

________________________________________________________________________________________________________
*** CID 1220180:  Resource leak  (RESOURCE_LEAK)
/external/bsd/openldap/dist/clients/tools/ldapsearch.c: 1538 in dosearch()
1532                                    msgidber = ber_alloc_t(LBER_USE_DER);
1533                                    ber_printf(msgidber, "{i}", msgid);
1534                                    ber_flatten(msgidber, &msgidvalp);
1535                                    ldap_extended_operation(ld, 
LDAP_EXOP_CANCEL,
1536                                            msgidvalp, NULL, NULL, 
&cancel_msgid);
1537                                    nresponses_psearch = -1;
>>>     CID 1220180:  Resource leak  (RESOURCE_LEAK)
>>>     Variable "msgidvalp" going out of scope leaks the storage it points to.
1538                            }
1539                    }
1540     
1541                    ldap_msgfree( res );
1542            }
1543     

________________________________________________________________________________________________________
*** CID 1220181:  Untrusted pointer read  (TAINTED_SCALAR)
/external/bsd/openldap/dist/libraries/libldap/ldif.c: 878 in ldif_read_record()
872                                     if ( line[0] == '#' ) {
873                                             top_comment = 1;
874                                     } else if ( ! ( top_comment && line[0] 
== ' ' ) ) {
875                                             /* Found a new entry */
876                                             found_entry = 1;
877     
>>>     CID 1220181:  Untrusted pointer read  (TAINTED_SCALAR)
>>>     Using tainted variable "(unsigned char)line[0]" as an index to pointer 
>>> "_ctype_tab_ + 1".
878                                             if ( isdigit( (unsigned char) 
line[0] ) ) {
879                                                     /* skip index */
880                                                     continue;
881                                             }
882                                             if ( !strncasecmp( line, 
"include:",
883                                                     STRLENOF("include:"))) {
/external/bsd/openldap/dist/libraries/libldap/ldif.c: 898 in ldif_read_record()
892                                                     if ( line[len-1] == 
'\r' ) {
893                                                             len--;
894                                                             line[len] = 
'\0';
895                                                     }
896     
897                                                     ptr = line + 
STRLENOF("include:");
>>>     CID 1220181:  Untrusted pointer read  (TAINTED_SCALAR)
>>>     Using tainted variable "(unsigned char)*ptr" as an index to pointer 
>>> "_ctype_tab_ + 1".
898                                                     while 
(isspace((unsigned char) *ptr)) ptr++;
899                                                     fp2 = ldif_open_url( 
ptr );
900                                                     if ( fp2 ) {
901                                                             LDIFFP *lnew = 
ber_memalloc( sizeof( LDIFFP ));
902                                                             if ( lnew == 
NULL ) {
903                                                                     fclose( 
fp2 );

________________________________________________________________________________________________________
*** CID 1220182:  Uninitialized scalar variable  (UNINIT)
/external/bsd/openldap/dist/clients/tools/common.c: 1572 in tool_bind()
1566     #endif
1567     
1568                    if ( ctrls ) {
1569                            ldap_controls_free( ctrls );
1570                    }
1571     
>>>     CID 1220182:  Uninitialized scalar variable  (UNINIT)
>>>     Using uninitialized value "err".
1572                    if ( err != LDAP_SUCCESS
1573                            || msgbuf[0]
1574                            || ( matched && matched[ 0 ] )
1575                            || ( info && info[ 0 ] )
1576                            || refs )
1577                    {

________________________________________________________________________________________________________
*** CID 1220183:  Uninitialized pointer read  (UNINIT)
/external/bsd/openldap/dist/clients/tools/common.c: 1538 in tool_bind()
1532                                    tool_perror( "ldap_bind parse result", 
rc, NULL, matched, info, refs );
1533                                    tool_exit( ld, LDAP_LOCAL_ERROR );
1534                            }
1535                    }
1536     
1537     #ifdef LDAP_CONTROL_PASSWORDPOLICYREQUEST
>>>     CID 1220183:  Uninitialized pointer read  (UNINIT)
>>>     Using uninitialized value "ctrls".
1538                    if ( ctrls && ppolicy ) {
1539                            LDAPControl *ctrl;
1540                            int expire, grace, len = 0;
1541                            LDAPPasswordPolicyError pErr = -1;
1542                            
1543                            ctrl = ldap_control_find( 
LDAP_CONTROL_PASSWORDPOLICYRESPONSE,

________________________________________________________________________________________________________
*** CID 1220184:  Unused pointer value  (UNUSED_VALUE)
/external/bsd/openldap/dist/clients/tools/common.c: 1945 in print_prepostread()
1939                                    char *ptr;
1940     
1941                                    str = malloc( bv.bv_len + STRLENOF(": 
") + 1 );
1942     
1943                                    ptr = str;
1944                                    ptr = lutil_strncopy( ptr, bv.bv_val, 
bv.bv_len );
>>>     CID 1220184:  Unused pointer value  (UNUSED_VALUE)
>>>     Pointer "ptr" returned by "lutil_strcopy(ptr, ": ")" is never used.
1945                                    ptr = lutil_strcopy( ptr, ": " );
1946                            }
1947                    
1948                            for ( i = 0; vals[ i ].bv_val != NULL; i++ ) {
1949                                    tool_write_ldif(
1950                                            ldif ? LDIF_PUT_COMMENT : 
LDIF_PUT_VALUE,


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, 
http://scan.coverity.com/projects/1448?tab=overview

To unsubscribe from the email notification for new defects, 
http://scan5.coverity.com/cgi-bin/unsubscribe.py




Home | Main Index | Thread Index | Old Index